Avios privacy policy

Act transparently when we collect your personal data and tell you what we will do with it

Only use your personal information for the purposes described in our Privacy Policy

Use your personal information to provide you with services you have requested, to enhance your experience with AGL and the Airline Partner Schemes

Look after your personal information and keep it secure

Respect your information rights and help you to give you control over your own information

Our full Privacy Policy explains in more detail what personal information we collect, how we collect it, what we may use it for and who we may share it with.

You will find some specific examples (underlined) of why and how we use your personal information. If you have any questions please get in touch with us by writing to Data Protection Officer, Avios Group (AGL) Limited, Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY England or by email to data.protection@avios.com.

Without prejudice to your rights under applicable laws, the above and full privacy policy are not contractual and do not form part of your contract with us.

Full privacy policy

Controller of Personal Information

AGL is the “Data Controller” of your personal information that is processed in connection with this Privacy Policy. Our address is Avios Group (AGL) Limited, Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY, England.

AGL is part of the International Airline Group (“IAG”) and its role as a Data Controller in the Airline Partner Schemes relates primarily to the awarding and redemption of Avios. AGL receive, store and process Airline Partner Scheme Member Data to administer parts of the Schemes. AGL and the Airlines Partners are independent Data Controllers each with separate responsibilities for the processing of personal information of Scheme Members.

If you are a member of an Airline Partner Scheme that partner is a separate Data Controller of your personal information and links to their Privacy Policies are provided below:

If you have made a booking, then the party fulfilling that booking is a Data Controller under European Union and UK data protection law.

What do we mean by personal information?

Personal information means details which identify or could be used to identify you, such as your name and contact details, your travel arrangements and purchase history. It may also include information about how you use our websites and mobile applications.

When does this policy apply?

This Privacy Policy applies to the personal information that we collect, use and otherwise process as a member of an Airline Partner Scheme, when you use our websites or mobile applications or when you contact our service agents or call centres.

How can you keep your personal information secure?

We take great care to protect your personal information. You can read more about how we do this in our Security Policy. Here are some things you can do to keep your information secure.

Keep your booking reference confidential

When you make a booking, you will be given a booking reference (also known as a PNR or Passenger Name Record). This will appear on the email confirmation or ticket of each person in your booking. You should keep your booking reference confidential always.Giving your booking reference to others allows them to access your booking details.If you are travelling with others and would not like your individual booking details to be accessible by them, you may prefer each person to make separate bookings.

Keep your membership log-in details confidential

To make sure your access to our websites, other online services and mobile applications remains secure you should not share your log in details with anyone else. When you finish using the website, online services or mobile application you should log out if others may be able to access your computer or device. This is especially important if you are using a publicly accessible computer.

Be aware of and protect yourself against Internet fraud and “Phishing”

There is a fraud practice known as "Phishing" which is the illegal gathering of personal information by deception. Unsolicited emails are sent to individuals from lists illegally gathered by a third party, and recipients are asked to enter or reconfirm their credentials into a 'cloned' or illegal copy website.

When do we collect personal information about you?

We collect personal information about you when you use our services, become a member of one of the Airline Partner Schemes, make a booking with us, use our website or mobile applications, interact with us by email or use our contact centres. For more information, see “What types of Personal Information do we collect and retain?”In addition, we may receive personal information about you from third parties, such as:

Companies who provide us with your information if you have given prior authorisation.

What types of personal information do we collect and retain?

As a member of an Airline Partner Scheme you will need to provide us with your personal details or if you make a booking the details of those individual(s) who will be travelling.We collect the following categories of personal information:

Online registrations and other interactions

Example: We will retain your information if you have registered through an Airline Partner Scheme, entered a competition, registered for a promotion or interacted with us via social media such as Facebook or Twitter

Travel or redemption booking.

Example: Your name, address, email, contact details, date of birth, gender, account details and payment information. If you make a booking for someone else, we may collect your billing information but may communicate with the other person about their flight directly.Details of any additional assistance you require or dietary requirements.

Use of our websites, contact centres and mobile applications

Example: To help us to personalise and improve our website we collect information about your searches and the content you have viewed on our website using cookies and similar technologies, such as the website you come from, internet banner advertisements and links which appear on our marketing partner websites.

Your location data when you have visited out websites or mobile applications. This is your IP address. (An IP address (Internet Protocol address) is a numeric code that can act as a unique identifier for your computer or other device – this can be turned off from your device.)

Example: Identifying the country that you are accessing our website or application from enables us to provide relevant content and use an appropriate languageIf we have your permission we may use the functionality on your device (Bluetooth, Wi-Fi and GPS) to determine your location to assist with collection opportunities as well as providing a personalised service (You can access or change this option by amending the location settings on your device).

When and why do we collect ‘sensitive personal data’?

Certain categories of personal information, such as that about race, ethnicity, religion, health, sexuality or biometric information are special categories of data requiring additional protection under European Union and UK data protection law and is referred to here as “sensitive personal data”. Generally, we try to limit the circumstances where we collect and process sensitive personal data.Examples of where we may collect and process “sensitive personal data” includes the following:

You have requested specific medical assistance when making a booking

You have sought clearance to fly with one of our Airline Partners with a medical condition or because you are more than 28 weeks pregnant.

You have otherwise chosen to provide such information to us

You have requested additional services (such as a meal) which by itself is not “sensitive data” but may imply or suggest your religion, health or other information.

What do we use your personal information for?

The main purposes for which we use your personal information are:

Management and administrative purposes of your Airline Partner Scheme

Example: We use your personal information, including your purchase history, for administrative purposes, which may include for example, accounting and billing, auditing, credit or other payment card verification, anti-fraud screening (including the use of credit reference agency searches and payment card validation checks) and systems testing, maintenance and development.

Provide services tailored to you.

Example: As a member of one of the Airline Partner Schemes, we provide information to the Airline Partner to personalise the experience you have when collecting or redeeming your Avios.

Analysis and market research

Example: We analyse the way in which our services are used so that we can better understand our customers, improve the services we offer and encourage the use of the full range of our products and services.

Administer your bookings

Example: We will need to use your name, address, email, contact details, date of birth, gender, passport number, account details and payment information so that we can process bookings, fulfil your travel arrangements, take payment, provide information to suppliers to pass onto relevant authorities (such as tax, customs and immigration authorities) and so that our suppliers know who is travelling on a flight.

Updates and service communications

Example: We will send you communications about the services you have booked to use, such as your travel itinerary. These communications will help you get the most from these services and may also contain options and other details about the services you will be using (e.g. advance seating requests, additional baggage and pre-booked meals).We may also send you communications about the services you have previously used, for example, where you experienced some form of issue or problem and we wish to contact you about it proactively in order to resolve it successfully

What is our legal basis for using your personal information?

AGL will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons AGL collected or needs to use your information. Under EU and UK data protection laws in almost all cases the legal basis will be:

to administer our contractual obligations to you as a member of an Airline Partner Scheme

when it is in our legitimate interests to use your personal information to operate and improve our business

to process your booking and otherwise perform that contract which we have with you

to comply with a legal obligation

to protect the vital interests of you or another person

More information on each legal basis is provided below.

Performance of a contract with you

It is necessary for AGL to use your personal information when you join one of our Airline Partner Schemes you agree that your personal data will be used in accordance with that Scheme’s terms and conditions. It will be necessary for AGL to use your personal information to complete a booking you have made with us. For example, we will need to use information such as your contact details and payment information to administer your booking.

Legitimate Interests

As a loyalty programme and travel provider AGL has a legitimate business interest to use the personal information we collect to offer an effective service and carry out our business.

Compliance with legal obligations

There are situations where AGL is subject to a legal obligation and needs to use your personal information to comply with those obligations.

To protect the vital interest of you or another person

There are situations where we may need to use your personal information to prote.t the vital interests of you or another person

How long do we keep personal information?

We will keep your information for as long as we need it for the purpose it is being processed for. For example, where you make a booking with us we will keep the information related to your booking, so we can administer the specific travel arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking. The information may also be retained so that we can continue to improve your experience with us and to ensure that you receive any Avios points which are due to you.We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.

Who do we share your personal information with?

Your personal information may be shared with the companies within our group, which includes International Consolidated Airlines Group S.A (IAG), [British Airways,] Iberia, Iberia Express, Vueling, Aer Lingus, OpenSkies, British Airways Holidays, BA CityFlyer, IAG Connect and IAG GBS.For more details about our group please visit the website of our parent company, IAG. We share information with them, so they can assist us in providing services to you and to understand more about you. For example, if you have flown with one of the airlines in the IAG Group we may use this information to understand more about the sorts of travel services you are likely to be interested in.We may also disclose your personal information to the following third parties:

Airlines and other service providers needed to deliver the services you have asked for.

One of our Airline Partners when you are a member of their Airline Partner Scheme, so that we can administer the benefits of the loyalty programme to you

Credit and charge card companies, credit reference agencies and anti-fraud screening service providers to process payments and (where necessary) to carry out fraud-screening

In response to a valid, legal request from Government and law enforcement agencies such as customs and immigration authorities

Third party service providers we are using to provide services that involve data processing, for example, to carry out customer surveys on our behalf

Third parties, such as law firms and law courts, to enforce or apply any contract with you

Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets.

We do not sell personal information to third parties, and we only allow third parties to send you marketing information where you have agreed and consented to this.

What countries will your personal information be sent to?

The nature of our business means it is often necessary for us to send your personal information outside the European Economic Area or the UK to administer your travel arrangements. This occurs because our business and the third parties identified in “Who do we share your personal information with?” have operations in countries across the world. For example, where you are flying outside of the European Economic Area or the UK, your personal information will be transferred to border control and immigration outside of these territories. In addition, we may transfer your data to parties in countries outside the country in which you are located to provide services to us. This may involve sending your data to countries where under their local laws you may have fewer legal rights. We ensure that when your personal information is shared outside of the European Economic Area the necessary safeguards are in place to protect your personal information at all times.

Your individual rights in relation to your personal information

Under data protection laws in the European Union and the UK, you have certain rights in relation to your personal information. Responses to exercise your rights will be provided within one month and generally there is no fee for making these requests. If your request is particularly complicated we may extend the deadline for responding to three months, but we will let you know if this is the case.We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. Further explanation of those rights and the exceptions to them are set out below.Details of how to exercise your rights are set out in the section below “How to exercise your individual rights”. Your rights include the following:

Marketing – AGL do not send marketing communications. If you no longer wish to receive marketing communications from our Airline Partners, then a request should be submitted to that Airline Partner directly.

Access – You may request access to the personal information that we hold about you.

Processing - You may request us to stop using your personal information where we are doing so under legitimate interests, see the section “What is our legal basis for using your personal information” for examples of when that applies, unless it is needed for dealing with legal claims or we have other compelling legitimate reasons that override your rights.

Restriction – You may ask that we restrict the processing of your personal data to a specific purpose or purposes.

Correction - You may ask us to correct your personal information, the 'right of rectification’, if that information is inaccurate.

Erasure - You may ask for personal information which identifies you to be erased, or forgotten. If you are a member of one of our Airline Partner Schemes, we will liaise with that Airline Partner before replying to your request.

How to exercise your individual rights

If you wish to exercise any of your individual rights set out under the heading ‘Your individual rights in relation to your personal information’ please contact us at the address below.When you are seeking access to your personal information please include the following information with your request:

Your name and postal address

How you would prefer to receive the response (email, post)

Details of your request

4.Any details which may help us locate the information which is the subject of your request, for example:Booking reference or flight numbers and datesFrequent Flyer numberTelephone recording details (identifier number, the number you call from, the number and option you dialled, the date and time of your call(s)).

We may ask you to provide:

a photocopy of your passport or driving licence, so that we can verify your identity

signed authority from a third party if you are applying on their behalf

Changes to this Privacy Policy

If we make any changes to this Privacy Policy, we will let you know by publishing the updated version on our website.This Privacy Policy came into effect on 18 July 2018.

Contact Us - Complaints, Queries and Feedback

If you wish to contact us in relation to this Privacy Policy or you have any concerns, please contact the Data Protection Officer at data.protection@avios.com.You have a right to complain to your Data Protection Authority. In the UK that Authority is the Information Commissioner whose website and contact details can be viewed here.You can contact the Information Commissioner’s Office by telephone on 0303 123 1113.